By Emily Poole
The European Union (“EU”) is in the process of strengthening its online data privacy laws, the far-reaching effects of which will be felt by any U.S. company or organization operating in the EU. The latest move toward implementation of the General Data Protection Regulation (“Regulation”) occurred in late October 2013, when the European Parliament approved certain amendments to the current draft of the legislation.
Right now, the 1995 Data Privacy Directive (“Directive”) regulates data privacy in the EU. It directs each of the twenty-eight member countries to create its own set of privacy laws that comply with the Directive’s seven principles: notice, purpose, consent, security, disclosure, access and accountability. Since the Directive only provides a framework by which countries are expected to abide, rather than imposing concrete regulations, privacy law in the EU is a patchwork of country-specific rules, with some countries implementing and enforcing robust privacy regulations and others creating laws that simply meet the minimum requirements of the Directive.
The October vote moves the EU one step closer to overhauling the varied and inconsistent country-specific laws and replacing them with a single, uniform piece of the legislation. The goal is to have the provisions of the Regulation agreed upon by mid 2014 and to come into effect two years after that.
One of the provisions receiving the most attention is the Right to Erasure (formerly the Right to Be Forgotten), which is intended to give EU citizens a legal right to require service providers to, upon request, remove their personal data and communicate the deletion request to any third party to whom they sent the data. While such a move means to give individuals more control over their information, the provision brings up a host of free speech concerns. If a user is unhappy with a post about him or her, he or she could simply request that the site hosting the comment take it down–thereby, stifling speech.
The Regulation has yet to be finalized, so expect more disagreement over controversial provisions, such as the Right to Be Forgotten. Learn more at: http://ec.europa.eu/justice/data-protection/
